Security and Privacy Through Cryptography

In the 1840s a scandal broke out in the UK shaking the postal service and government to the ground. It became apparent that agents of the government were reading the letters of political rivals before delivering them to their intended recipients. At the time letters tended to be only a single sheet of paper, folded and sealed. It was possible to squeeze the letter partially open and read the contents without alerting the recipient. After this scandal, the British public began to use a new invention to protect their messages – the humble envelope.

In the year 2000 many postal services around the world are under threat because it is now cheaper and faster to send emails than letters. We may have moved on in technological terms, but in many ways we have returned to pre-envelope days where our intimate thoughts are easily intercepted and read by strangers. Like posted letters, emails pass through many hands before arriving in the recipient's inbox. Like the folded notes of yesteryear, it is a simple matter to peer inside and read the contents.

What we need are electronic envelopes

It is not possible to wrap the letters and numbers that make up an email in a physical envelope. It is possible to change the letters and numbers into something that does not resemble words.

In wartime, orders, tactics and other pieces of sensitive information need to be sent to distant people – generals at the front line; spies behind enemy lines. This information must not fall into enemy hands. Militaries around the world have long used secret codes to make this information useless should it be intercepted by the enemy.

This involves sharing the secret of how to decode encrypted messages with people who will be receiving future messages. However, there is a danger that one of these people is captured and reveals the secret decoding methods.

It is often useful to think of encryption as involving keys and lockable boxes. A message inside a locked box can only be read if one has the key. Teaching spies and generals how to decode messages is in effect giving them the key.
But keys can be stolen and the box opened by the enemy.

In the 1960s a UK government cryptography expert, James Ellis, turned this concept on its head. Instead of delivering keys to agents in the field, running the risk of enemies capturing and copying the keys, send them an open but lockable box. The agent could put a message in the box, and close it. If the enemy captured the box they would not be able to open it, even if they captured the spy – he would not have the key to open the box. The key would remain safely in the hands of the recipient of the message. This is the birth of Public Key Cryptography.

Of course, there is no real box – instead there are mathematical methods for turning a message into what appears to be nonsense. The Public Key makes this transformation possible. This key cannot be used to decode a message once it is encrypted. It is therefore safe to make it public. Anyone who has this key can use it to encrypt messages, but only those with the corresponding Private Key can decode them. The Private Key is never shared.

Which brings us back to email. It is not secure from prying eyes! Since emails pass through many computer systems on their way to their recipients, there are many opportunities to open email that may contain sensitive material. Governments regularly monitor email passing through their countries' borders – whether to capture terrorists and enemy agents, or crack down on political rivals, or keep an eye on their citizens. It has even been suggested that some governments pass the secrets of foreign companies to companies based in their own country.

Criminals too can gain sensitive information such as credit card numbers from emails they open.

It is also remarkably simple to send an email in someone else’s name. It is not uncommon in the USA and Europe for criminals to create emails that appear to come from a bank to trick people into giving their bank details. This information can be used to empty the accounts and run up debt in someone else’s name!

Public Key Cryptography is useful here as a Private Key can be used to sign a document – mark it with a code that can be checked against a public key. A bank would make a public key available to customers who would then be able to check if a message really came from the bank. This signature cannot be forged. The signature also confirms the integrity of the message – the message cannot be changed while on its way to the recipient without using the private key to sign the message again.
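
The locked box and the signature described above, as a small added example (it is not part of the original article): textbook RSA in Python with a deliberately toy key. The primes, function names and sample messages are assumptions chosen for illustration; real keys use secret random primes of 1024 bits or more, plus padding.

```python
import hashlib

# Toy key pair built from two publicly known Mersenne primes (constructed
# for illustration only; a real key needs secret, randomly chosen primes).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # modulus, part of both keys
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never shared

PUBLIC_KEY = (N, E)                    # safe to publish: the open box
PRIVATE_KEY = (N, D)                   # stays with the recipient


def encrypt(message: bytes, public_key) -> int:
    """Close the box: anyone holding the public key can do this."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, key) -> bytes:
    """Open the box: only the private key recovers the message."""
    n, d = key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    # Hash the message and reduce it to fit the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Mark the message with a code that only the private key can produce."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Check the code against the public key; any change breaks it."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    box = encrypt(b"meet at dawn", PUBLIC_KEY)
    print(decrypt(box, PRIVATE_KEY), decrypt(box, PUBLIC_KEY))
    sig = sign(b"Pay 100 to Alice", PRIVATE_KEY)
    print(verify(b"Pay 100 to Alice", sig, PUBLIC_KEY),
          verify(b"Pay 900 to Alice", sig, PUBLIC_KEY))
```

Running it shows the message recovered only with the private key, and the signature check failing as soon as the signed text is altered.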

Public Key Cryptography forms the basis for a solid electronic envelope for our emails, ensuring that messages cannot be forged or altered, and also providing a means for keeping them secret.

In the next article in this series I will show you how to put Public Key Cryptography to use yourself.